Domain:
dspace.iiti.ac.in
Environment: Apache HTTP Server (Reverse Proxy) + Tomcat 9 + Ubuntu/Debian
sudo apt update
sudo apt install certbot python3-certbot-apache
Create a new Apache site config:
sudo nano /etc/apache2/sites-available/dspace.iiti.ac.in.conf
Paste:
<VirtualHost *:80>
ServerName dspace.iiti.ac.in
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/dspace_error.log
CustomLog ${APACHE_LOG_DIR}/dspace_access.log combined
</VirtualHost>
Enable necessary modules and site:
sudo a2enmod proxy proxy_http headers
sudo a2ensite dspace.iiti.ac.in
sudo systemctl restart apache2
Test by visiting:
http://dspace.iiti.ac.in
Run the following to issue and configure the SSL cert:
sudo certbot --apache -d dspace.iiti.ac.in
Follow the interactive prompts and choose to redirect HTTP to HTTPS if prompted.
<VirtualHost *:443>
ServerName dspace.iiti.ac.in
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/dspace.iiti.ac.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dspace.iiti.ac.in/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Certbot auto-renewal runs via systemd. To verify:
systemctl list-timers | grep certbot
Optional: Add a cron job manually:
sudo crontab -e
Add:
30 2 * * * certbot renew --quiet --post-hook "systemctl reload apache2"
sudo certbot renew --dry-run
Edit Apache HTTP config if not already redirected:
<VirtualHost *:80>
ServerName dspace.iiti.ac.in
Redirect permanent / https://dspace.iiti.ac.in/
</VirtualHost>
Reload Apache:
sudo systemctl reload apache2